[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2014-4849)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Apr 11 08:40:41 PDT 2014


Synopsis: FEDORA-2014-4849 can now be patched using Ksplice
CVEs: CVE-2014-0055 CVE-2014-0077 CVE-2014-2568 CVE-2014-2580 CVE-2014-2678

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-4849.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
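
An added example (not part of the original advisory or of Oracle's tooling): a shell check that reads an Uptrack configuration file and reports whether a host relies on automatic installation or needs the manual upgrade command above. It assumes an INI-style file in which the last "autoinstall" line wins and only the value "yes" enables automatic installs; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumptions: INI-style "key = value" lines, '#' or ';' start a comment line,
# keys are case-insensitive, and only "yes" turns automatic installs on.

# Print the effective autoinstall value (lowercased), "unset" or "unreadable".
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0 when the updates will NOT install on their own.
uptrack_needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Human-readable summary for one configuration file.
uptrack_report() {
    if uptrack_needs_manual_upgrade "$1"; then
        echo "$1: autoinstall is '$(uptrack_autoinstall_value "$1")';" \
             "run /usr/sbin/uptrack-upgrade -y as root"
    else
        echo "$1: autoinstall = yes; updates install automatically"
    fi
}

# Usage: sh check-autoinstall.sh /etc/uptrack/uptrack.conf
if [ "$#" -gt 0 ]; then
    uptrack_report "$1"
fi
```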


DESCRIPTION

* Deadlock in Conexant USB DVB data transfer.

The USB Digital Video Broadcasting driver does not correctly unlock data when a
data transfer fails, leading to a deadlock and kernel panic.


* Deadlock in DvbWorld and TeVii DVB device driver.

The DvbWorld and TeVii USB Digital Video Broadcasting driver does not correctly
unlock data when a data transfer fails, leading to a deadlock and kernel panic.


* Kernel panic in Conexant PCI video recorder device driver.

Memory allocation can fail in the Conexant PCI video recorder device driver,
triggering a NULL pointer dereference and kernel panic when reading the device's
EEPROM.


* Remote memory leak in SunRPC GSSAPI authentication.

The kernel SunRPC GSSAPI authentication library does not release a reference when
encoding a GSSAPI message fails, leading to a kernel panic.


* Information leak in packet filter JIT engine.

An incorrect bound is used when validating Berkeley Packet Filter programs,
allowing a malicious user to read the contents of kernel memory.


* Userspace memory corruption in SYSLOG_ACTION_READ_ALL.

The kernel syslog implementation does not correctly handle the
SYSLOG_ACTION_READ_ALL syslog command, causing too much data to be copied to a
userspace process. This potentially causes memory corruption and a crash in the
userspace process.


* Kernel panic in nested KVM MMU management.

The KVM virtual MMU does not correctly handle memory mappings in nested virtual
machines, leading to a kernel panic.


* Remote denial-of-service in CephFS object storage daemon.

The Ceph filesystem object storage daemon (OSD) does not correctly handle
truncated requests, which can lead to the OSD never completing a request and
blocking further requests, resulting in a denial of service.


* CVE-2014-2568: Information leak in netlink packet copying.

A reference counting error in the netlink net-filter subsystem can cause the
contents of kernel memory to be leaked to unprivileged users in netlink packets.


* CVE-2014-0055: Kernel panic when receiving packets in virtio networking.

When receiving packets, missing data validation can cause the virtual networking
subsystem to dereference an invalid pointer, causing a kernel panic.


* CVE-2014-0077: Kernel panic when receiving short packets in virtio networking.

Missing data validation when receiving truncated packets in the virtual networking
subsystem can cause the kernel to dereference an invalid pointer, triggering a
kernel panic.


* CVE-2014-2580: Denial-of-service in Xen backend network driver.

Invalid locking in the Xen backend network driver can trigger a deadlock and
kernel panic when receiving malformed packets.


* Data corruption of ext4 immutable files when updating inode flags.

A race condition in the ext4 file system when updating the inode flags of
an immutable file could open a small window of time where the immutable
flag is not set. Given very good timing, a local, unprivileged user
could use this flaw to modify an immutable file.


* Denial-of-service in Xen balloon driver when decreasing memory reservation.

A flaw in the Xen balloon driver could lead to a kernel Oops under specific
conditions. A local, privileged user could use this flaw to cause a
denial-of-service in Xen domains.


* Deadlock when initializing non-blocking random pool.

Incorrect locking in the random library of the Linux kernel could lead to a
deadlock if the non-blocking random pool gets initialized concurrently with a
reseed. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.

A missing check in the wireless RDS protocol leads to a NULL pointer
dereference when there is no device. A local, unprivileged user could use
this flaw to cause a NULL pointer dereference and denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


